Archive for the ‘Computer Security’ Category

DNSChanger to knock 350000 users off Internet this July – ZDNet (blog)

Every lousy day, here at ZDNet and all the other reputable technology news and opinions sites, we preach about basic computer security. Windows users are always the most vulnerable, but even Mac users can get hit as well. And, every lousy day, far too many people don’t pay any heed to these warnings. Take the case of DNSChanger, which was fixed months ago but is still going to end up knocking hundreds of thousands of PCs off the Internet this July.

DNSChanger is a Windows and Mac Trojan that’s been around since 2007. What it did was to cause Windows PCs and Macs to use rogue Domain Name System (DNS) servers. First, it changed your computer’s DNS server settings to replace your ISP’s good DNS servers with rogue DNS servers operated by the criminal. Then, it tried to compromise your routers and home gateways. It did this by using the most common default user names and passwords for small office/home office (SOHO) dynamic host configuration protocol (DHCP) servers. If successful, DNSChanger switched your router or gateway’s default DNS servers to the rogue DNS servers. This in turn would make all the PCs on your LAN go to the corrupt DNS servers. This way a single infected system could compromise every PC on a network even if they didn’t have an infection.

What happened then was that when you tried to go to a popular Website, like Amazon or iTunes, instead of seeing the content you’d expected, you’d see large advertisements or were rerouted to spam or malware sites. Adding insult to injury, DNSChanger also blocked access to anti-virus sites to prevent the removal of the malware.

Back in November, in Operation Ghost Click, the FBI shut down the botnet behind DNSChanger. In the meantime every major anti-virus company has updated its programs to find and smash DNSChanger. So, why in April, is it still a problem?

I’ll tell you why, because out of the four-million or so people whose systems were infected with DNSChanger, 350,000 or so, slightly less than one in ten, still have it and still haven’t fixed their computer or router’s DNS settings. Argh!

You see after the FBI took down the botnet, it arranged to have the Internet Systems Consortium put up good DNS servers in place of the ones that were redirecting people into bad sites. This way those who had been infected would still be connected to the Internet. And, of course, so they could get fresh anti-virus software to clean up the bug and find out how to reset their DNS. Most people did. A lot of people didn’t.

The FBI wants to shut down its servers for those who never bothered to clean up their systems. Originally the Feds were going to shut down the replacement servers in March, but last month a federal judge ordered an extension of the DNS services fix to July 9. This will give the clueless users, businesses and governments a few more months to deal with DNSChanger.

The clueless, by the way, aren’t just individuals who never patch their computers and haven’t updated their anti-virus software this decade. No, according to IID (Internet Identity), a provider of technology and services that help organizations secure their Internet presence, 94 of all Fortune 500 companies and three out of 55 major government entities still had at least one computer or router that was infected with DNSChanger in March.

Is it any wonder that hardly a day goes by without news of yet another major Web site security breach?

To find out if you’re infected, visit the DNS Changer Check-Up site, which checks your PC’s DNS resolution without installing any software. If you do have a case, all modern, up-to-date anti-virus programs can remove DNSChanger.

After zapping it, you may still need to change your router’s DNS settings if the bug got to it. How to do this varies from router to router. Just follow your vendor’s instructions. You can either choose to use your ISP’s default DNS servers or, do like I do, and use the OpenDNS DNS servers, 208.67.222.222 and 208.67.220.220, or Google’s DNS servers, 8.8.8.8 and 8.8.4.4. Either tends to be faster than most ISPs’ DNS services.
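A local check of the DNS settings described above, as an added example that is not part of the original article. It reads resolv.conf-style text; the function names are hypothetical, and the rogue ranges are placeholders taken from documentation address space, to be replaced with the blocks listed in the FBI's DNSChanger document.

```python
import ipaddress

# Resolvers the article names as known-good alternatives.
KNOWN_PUBLIC = {
    "208.67.222.222": "OpenDNS",
    "208.67.220.220": "OpenDNS",
    "8.8.8.8": "Google",
    "8.8.4.4": "Google",
}

# PLACEHOLDER ranges (RFC 5737 documentation space), NOT the real rogue blocks.
# Replace with the ranges published in the FBI's DNSChanger document.
ROGUE_RANGES_PLACEHOLDER = [
    ipaddress.ip_network("192.0.2.0/24"),
    ipaddress.ip_network("198.51.100.0/24"),
]

# Constructed sample input: one placeholder "rogue" resolver, the home
# router, one resolver set by hand, and one malformed entry.
SAMPLE_RESOLV_CONF = """\
# constructed sample, not captured from a real host
nameserver 192.0.2.53
nameserver 192.168.1.1
nameserver 8.8.8.8   # set by hand
nameserver not-an-ip
search example.lan
"""


def parse_nameservers(resolv_conf_text):
    """Return the nameserver addresses found in resolv.conf-style text."""
    servers = []
    for raw in resolv_conf_text.splitlines():
        # Drop comments, which start with '#' or ';'.
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        fields = line.split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            try:
                # Strip an IPv6 zone suffix such as fe80::1%en0 before parsing.
                servers.append(ipaddress.ip_address(fields[1].split("%", 1)[0]))
            except ValueError:
                continue  # malformed entry: ignore it rather than crash
    return servers


def classify(ip, rogue_ranges=ROGUE_RANGES_PLACEHOLDER):
    """Classify one resolver address.

    rogue        - inside a listed rogue range
    known-public - one of the resolvers named in the article
    local        - router or local stub; the router's own upstream DNS
                   still has to be checked, since DNSChanger rewrote
                   router settings as well
    unverified   - anything else (often the ISP); compare it with what
                   the ISP publishes
    """
    if any(ip in net for net in rogue_ranges):
        return "rogue"
    if str(ip) in KNOWN_PUBLIC:
        return "known-public"
    if ip.is_private or ip.is_loopback or ip.is_link_local:
        return "local"
    return "unverified"


def audit(resolv_conf_text, rogue_ranges=ROGUE_RANGES_PLACEHOLDER):
    """Return (address, verdict) pairs for every configured resolver."""
    return [(str(ip), classify(ip, rogue_ranges))
            for ip in parse_nameservers(resolv_conf_text)]


def overall(results):
    """Collapse per-resolver verdicts into one answer for the host."""
    verdicts = {verdict for _, verdict in results}
    if "rogue" in verdicts:
        return "rogue"
    if not verdicts or verdicts & {"local", "unverified"}:
        return "inconclusive"
    return "ok"


if __name__ == "__main__":
    results = audit(SAMPLE_RESOLV_CONF)
    for address, verdict in results:
        print(f"{address:<16} {verdict}")
    print("overall:", overall(results))
```

Because this reads the configured settings rather than testing resolution through a website, an ISP that redirects DNS traffic does not hide a rogue entry; a "local" verdict only moves the question to the router.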

This entry passed through the Full-Text RSS service — if this is your content and you're reading it on someone else's site, please read the FAQ at fivefilters.org/content-only/faq.php#publishers. Five Filters recommends: Donate to Wikileaks.

Two free Mac antivirus apps compared – CNET

Recent malware attacks targeting Macs haven't tarnished the machine's reputation as the safer alternative to a Windows PC. But for many Mac users, the Flashback Trojan has dispelled the myth of Mac invulnerability.

The most recent Java-based iteration of Flashback appears to be easy to catch: just visit the wrong Web page and your machine's infected, as Josh Lowenstein describes in his Flashback FAQ.

Josh's FAQ explains that Flashback's creators may have exploited Apple's go-it-alone strategy. Apple refuses to preinstall Adobe's Flash player, so Mac users are prompted to download and install the plug-in when they encounter a Web site that uses Flash. The initial release of Flashback mimicked Adobe's Flash installer.

Likewise, the company's decision to release its own Java patches rather than rely on Oracle's public release may have helped spread the later Java-based version of Flashback: by last February Oracle had patched the Java vulnerability leveraged by Flashback, but Apple didn't get around to plugging the hole until this month.

Tools for detecting and removing Flashback
Apple's Flashback malware removal tool is recommended for Mac OS X Lion without the Java runtime environment installed. Alternatively, F-Secure's free Flashback Removal Tool works with earlier versions of Mac OS X and alerts you to the results of its scan; Apple's tool does nothing unless its scan finds Flashback.

F-Secure's Flashback Removal Tool gives you the all-clear after it scans your Mac for the Flashback Trojan.

Topher Kessler explains on the MacFixIt blog how to disable Java on a Mac. Since Java isn't installed by default with OS X Lion, you may be prompted to install the Java runtime when you attempt to open Java Preferences in the Applications/Utilities folder.

To disable Java in the Safari browser, click Safari > Preferences > Security and uncheck Enable Java.

Disable Java in the Safari browser by opening the Preferences dialog and unchecking Enable Java under the Security tab.

In Firefox, disable Java by clicking Tools > Add-ons > Plug-ins and choosing the Disable button for the Java plug-in. To do the same in Chrome, enter chrome://plugins in the browser's address bar and press Enter. Click Disable under the entry for the Java plug-in.

Prepare for the next Mac malware attack by installing free AV software
The silver lining of the Flashback outbreak is the need for real-time virus protection for Macs. Two popular antivirus programs for OS X are Mark Allan's ClamXav donationware and the free Sophos Anti-Virus for Mac Home Edition.

Both programs feature automatic updates of their malware definitions, real-time virus protection, and scheduled scans. They can be set to quarantine or remove the threats they detect, and they add a scan-this-file option to the Mac's contextual menu.

Either of the two antivirus apps will provide all the malware protection a Mac user needs, although Sophos Anti-Virus's clean and polished interface gives it an edge over ClamXav.

To start ClamXav, click its icon in the menu bar. Before your first scan, choose the Updated Definitions button. (The program's Preferences options let you update the definition database automatically when the app opens.)

Click the plus button at the bottom of the source pane on the left and choose the item you want to scan, or simply drag the file or folder you want to scan into the source pane. Click the Start Scan button in the top-left corner of the window. The scan progress is shown in the bottom pane, and detected items are listed in the top window.

The ClamXav scanner shows detected items in the main window, a scan summary in the bottom window, and the scanned items in the left pane.

The 27 suspicious items ClamXav identified on my test Mac were all from Gmail's spam folder, which I had inadvertently imported to the Mac mail app. ClamXav will only quarantine the items after you have selected the option under Quarantine in the Preferences dialog.

Set the quarantine folder for the suspicious items identified by ClamXav via the program's Preferences dialog.

Other options in Preferences let you exclude files from scans, schedule scans, and set the program's real-time Sentry feature to scan inserted discs automatically.

Sophos Anti-Virus also places an icon in the menu bar; start by clicking the icon and choosing either Scan Local Drives or Open Sophos Anti-Virus and then the Scan Now button. Select either "Scan with current privileges" or "Scan all" and enter your password.

When the scan completes the results are shown in the small Sophos window. Click the Quarantine Manager button to view more details.

The simple Sophos scan-results window shows the number of items detected by the scan.

Access Sophos Anti-Virus's settings by clicking the menu bar icon and choosing Open Preferences, or click Sophos Anti-Virus > Preferences on the main menu. You can clean up, move, or delete detected items via the options under Scan Local Drives. Other settings let you activate the on-access scanner, enable the Live Protection feature, and view or clear the log file.

View a detailed log of the Sophos scan by clicking the View Log button in the program's Preferences dialog.

ClamXav and Sophos Anti-Virus for the Mac have similar features and worked about the same when I tested the programs, although ClamXav crashed in mid-scan on a couple of occasions. I also found the Sophos design easier to use, but either program will help you lock down your Mac without getting in the way of your work.

Mac virus hits campus – Yale Daily News

A computer virus that affects Mac operating systems has spread to Yale’s campus after infecting over 600,000 computers across the world.

Roughly 50 students have reported to Information Technology Services that their computers have the Flashback virus, which can go undetected while stealing personal information such as passwords and credit card information saved in files, said Adam Bray, assistant manager for the Student Technology Collaborative. Bray said students can help protect themselves against the virus by installing anti-virus software available on the ITS website, and students can enlist the support of student techs to remove the virus if their computers are already infected.

“Once a computer has been infected, the virus hijacks certain web browsers, and silently runs a program in the background,” Bray said. “This allows the application to monitor web browsing, capture passwords and other sensitive information, and send this information back to remote servers.”

The virus enters computer systems through a variety of pathways, such as corrupted websites that have Java applets or by posing as an update installer for Adobe Flash Player, Bray said, adding that in some cases the virus does not need owners to enter their administrative passwords in order to infiltrate the systems.

Macs running on the latest updates for Mac operating systems — Mac OS X Snow Leopard 10.6 or 10.7 Lion — are immune to the virus, Bray said, but users who contracted the virus before installing the update can remove the virus through the Apple Flashback Malware removal tool on Apple’s support site. Students can check whether their computers have the virus by visiting Flashbackcheck.com, according to a campus-wide email about the virus sent on April 11 by ITS.

But computers that are running on Mac versions 10.5 or earlier need to install an anti-virus utility such as Symantec Endpoint Protection, which is available for free at the Yale Software Library on ITS’s website.

Lesya Chopivsky ’15, whose laptop was affected by the virus, said she took her computer to student techs to be checked and found out her computer had been infected. She had initially decided not to install anti-virus software because of Mac’s strong reputation of protection against viruses, she said, and she has already changed her passwords and may call her credit card companies to make sure there has not been any irregular activity. She added that she was asked by ITS not to use the YaleSecure network as a precautionary measure until the virus was removed, a process that took her about one day.

Bray said the number of students requesting computer support has spiked in recent weeks, but that the end of academic terms is normally busy for student techs since students want to avoid computer trouble during finals period.

“Students choose these times to bring problems to us that may have been occurring for a while, but not serious enough to warrant concern until the computer is more important to the student academically,” he said.

The Flashback virus was first discovered last September.

DNS Changer Virus: FBI Removal Tips & How To Check If You’ve Got Malware – Z6Mag

DNS Changer Virus Removal

People are starting to pay attention to the information about the DNSChanger Virus that has infected hundreds of thousands of systems in the United States and around the world. There could be up to 4 million infected hosts throughout the world.

On July 9th, 2012, if you haven’t checked your system for the DNS Changer Virus and you have it, you will not be able to use the Internet. The affected systems are Windows or Mac systems. This means that if you access the Internet from an iOS device, Linux or from an Android OS device you’re good to go and are not infected.

So why won’t your computer be able to access the Internet if you have the DNS Changer Malware? Your DNS settings are changed by the virus, rerouting you to hijacked servers that serve ads from the hackers, who have amassed millions in ad dollars. The FBI took over these hijacked servers and has started making people’s computers infected by the virus go to destinations without ads.

The government can’t afford to continue to operate all of these servers so they’re turning them off on July 9th, 2012 and at that point infected computers will be trying to access a server that doesn’t exist.

So let’s get the DNS Changer Virus removed from your system. We have provided some videos below to walk you through how to get it removed from your system as well as resources from the FBI Removal page that describes what actions you can take.

The information on the FBI page that is called Check To See if Your Computer is Using a Rogue DNS states:

“The FBI is seeking information from individuals, corporate entities, and Internet Services Providers who believe that they have been victimized by malicious software (“malware”) related to the defendants. This malware modifies a computer’s Domain Name Service (DNS) settings and thereby directs the computers to receive potentially improper results from rogue DNS servers hosted by the defendants.

If you believe you have been victimized in this case, please type your DNS information into the search box below.

Information on how to determine your DNS settings, along with other technical details about DNSChanger, can be found at www.fbi.gov/news/stories/2011/november/malware_110911/dns-changer-malware.pdf.”

The easiest way to check if you’ve got the DNSChanger Malware is to go to:

http://www.dns-ok.us

If you see a screen that looks like our above graphic you are good to go. You should still probably get some anti-virus software and malware removal software to remove any spy programs or hidden trojans on your PC. When issues like the DNS Changer virus come up it’s always a good reminder to make sure you’re protected and your computer is safe from hackers.

There are popular products that will protect your computer all the time from viruses, trojans, spy programs and a lot more. Some of the best rated products are created by companies like Kaspersky and Norton. Kaspersky Internet Security 2012 and Norton Internet Security 2012 are quick to download and will provide you with premium protection from just about anything you might run into.

We’ve also provided a video below of how to remove the DNSChanger Virus with free software and removal tools:

How to Remove The Trojan.DNSChanger Virus?

This video provides instruction on how to remove the Trojan.DNSChanger virus.

A popular comment on this video also mentioned this: “I use Spybot – search and destroy, it’s free and i haven’t had any problems because it takes care of any spyware/malware that infects my computer without me knowing. (Microsoft security Essentials is also an excellent free antivirus)”

Beware of the gift horse – Sydney Morning Herald

Mac users are warned about Flashback malware, which can potentially steal passwords. Photo: Reuters

The Flashback trojan has breached Apple's lauded defences.

A MAJOR security scare has shattered the myth of the impenetrable Mac.

Mac users have long been comforted by Apple's impressive security record compared with the long-suffering heathens of the Windows world. This confidence comes across as arrogance at times but pragmatists on both sides have always known Macs were ''less vulnerable'' rather than ''invulnerable''. Apple has managed to keep hackers from its gates for many years but it was only a matter of time before the defences were breached.

The day of reckoning has come for Mac users in the form of the Flashback virus. It has reportedly snuck on to more than half-a-million Macs around the world, including more than 40,000 in Australia. It is not the first Mac security incident but it is the most significant.

There are several variations of Flashback, which initially masqueraded as an update to the Adobe Flash plug-in. It is a classic trojan malware trick of which the ancient Greeks would have been proud. Just like the soldiers hidden within the fabled wooden horse, Flashback opens the gates for the bad guys to plunder Macs.

Flashback is actually malicious software with the potential to steal passwords and other information. It can also take control of your infected Mac and use it as part of further attacks. Flashback has been ''improved'' by hackers to the point where it can quietly install itself behind the scenes - all you need to do is visit an infected webpage.

The most virulent version of Flashback generally finds its way on to Macs by exploiting a weakness in Java. This is a third-party plug-in developed by Sun Microsystems (since swallowed by Oracle) that adds capabilities to Macs, Windows or other devices. Some will argue that the flaw is with Java and not the Mac OS, thus Apple's reputation remains untarnished. But splitting hairs does not change the fact Flashback was targeted specifically at Mac users and it hit the mark.

In Apple's defence, it does not install Java by default on Mac OS 10.7 Lion. But some Lion users will still have it installed, as will Mac users running older versions such as Snow Leopard 10.6. The situation is complicated by the fact Apple maintains its own version of Java for Macs. In February, Oracle fixed the Java weakness that Flashback exploits but Apple did not get around to fixing its version of Java for Macs until April.

So how do you protect yourself against Flashback? The easiest option is to run Apple's Software Update - you will find it by clicking on the Apple logo at the top left of your desktop. This offers Lion and Snow Leopard users a Java update that removes Flashback and fixes the underlying vulnerability. There is also an update for Lion users who do not run Java - tinyurl.com/chmt3hm - just in case Flashback found another way to sneak on to their computer.

Unfortunately, there is no fix for Java from Apple if your Mac still runs Mac OS 10.5 Leopard or an earlier version (which is reportedly about 20 per cent of Macs). Apple's blunt advice is to simply disable Java in your browser - tinyurl.com/7jqtpjt - but Apple offers no help if you are already infected.

Java is becoming less common but you still might require it to access some websites and run some software. Disabling Java in your browser will not affect desktop applications, unless you go the extra step and disable it in the Java Preferences utility. If you are disabling Java in your browser, do not also disable JavaScript. They are not the same thing and many websites rely on JavaScript.

If you are reliant on a website that needs Java, you will need to weigh up your options - either find a new website, upgrade to a newer version of Mac OS, or take the risk and enable Java when you need it.

What if you are not running Lion or Snow Leopard? How do you know if you are already infected with Flashback and what can you do about it? Apple has left you in the lurch and its only advice is, ''upgrade to Lion''. If you are in this boat, one option is to run F-Secure's Flashback removal tool. Once you are sure you are clean of Flashback, you should take the appropriate Java precautions to prevent future infections.

Flashback is not the first Mac security threat but it should be the one that makes Mac users sit up and pay attention.

Rather than simply running F-Secure's Flashback removal tool, Mac users should consider a full Mac security suite. Other Mac viruses have already emerged to exploit the same Java flaw and you can be sure they will not be the last to target Macs.

You will find free Mac anti-virus software from Sophos, along with paid Mac security suites from the likes of Norton, Kaspersky and BitDefender.

Sophos Report: 20% of Macs are Carrying Windows Malware – AMOG

Windows malware is so prevalent that it didn’t come as a surprise when security firm Sophos found out that one in every five Macs is infected with it. The issue was revealed after the antivirus company made a sampling of 100,000 Apple notebooks. Mac owners were asked to download the free antivirus software from Sophos, and it turns out that 20 percent of them are silently harboring Windows malware.

The security firm noted that the malware will not affect the machine unless users activate Apple’s Boot Camp software to switch from OSX to a Windows operating system. Among the infected machines, 2.7 percent of them were carrying the virus that is specifically tailored for OS X, while the rest came in with a variant of the Flashback Trojan, or “Flashplyr.”

Nevertheless, Sophos believes that Mac owners should be “responsible members of the society,” and make sure that their system is not infected with Windows malware, which is a great way to prevent the virus from spreading further.

Meet the Flashback Trojan

It should be recalled that Apple released a Flashback Malware Removal Tool last week, a couple of months after security firm Intego discovered the Flashback Trojan. It affected more than 600,000 Macs around the world, and is considered the worst malware that the product line has ever seen.

Designed for the Mac OS X Lion, it originated from a malicious website that tricked users into downloading a phony Adobe Flash Player. Once downloaded, it deleted the installation package, deactivated some network security software, and injected itself into certain applications. Then it connected to remote servers and sent specific information about the infected notebook.

That’s why the Cupertino-based company decided to roll out a removal tool for Macs that don’t have Java installed. It will basically scan the computer and erase any known iterations of the malware. In some cases, it may require a user to restart his or her notebook to completely remove the Flashback Trojan.

Advice for Mac Users

What makes Sophos’ finding shocking is the fact that most viruses found on the infected Macs date back to 2007. They could have easily been detected if users had run an antivirus check sooner. That’s why the security firm advises Mac owners to download antivirus software and keep it updated.

The same thing goes for the operating system, programs, applications, and security patches. The origin of the apps that users download should be trustworthy, and they should be cautious when clicking any links attached to files that they open. Most of all, it’s important that all users be well informed about the old and new malware that lurks across the cyber world.

Nuke the Box: Push Underway to Clean up 300000 PCs With DNS Virus – PCWorld

A PR campaign is underway to clean up as many as 300,000 computers infected with DNSChanger viruses that divert victims' traffic to sites that can further exploit the machines and their owners, but it's not clear that goal can be accomplished without drastic measures.

If a machine is infected with DNSChanger, that infection is often accompanied by a rootkit that is very difficult to remove, says Jose Nazario, senior manager of security research at Arbor Networks.

"The safest thing is to nuke the box and reinstall," Nazario says, meaning that the hard drive should be wiped and the operating system and applications reloaded. "Remediation is one of the toughest challenges we face."

[BACKGROUND: Authorities prepare to shut down DNSChanger servers]

But there are also removal tools that can remove the rootkit without having to reformat, says Barry Greene, the former director of Internet Systems Consortium, a volunteer group that has been working on the problem. "A paranoid security person is going to tell you [reformatting] is what you've got to do," Greene says.

DNSChanger has attracted attention since Nov. 8, 2011, when a major botnet distributing the viruses under the corporate name Rove Digital was taken down by the FBI, NASA Office of the Inspector General and Estonian police. The takedown involved seizing servers in New York, Chicago and Estonia.

It also resulted in the arrest of six men who face charges in the U.S. related to the botnet.

Subsequent to the takedown, special DNS servers managed by Internet Systems Consortium have been put in place to properly handle DNS requests from infected machines. Without these servers, those machines would not be able to connect to sites on the Internet.

The court order allowing these servers to adopt the IP addresses of the ones used by Rove Digital expires July 9, when they will be taken offline. At that point, machines infected with DNSChanger won't be able to reach DNS servers and so won't be able to reach websites.

The public relations push started this week by members of the DNSChanger Working Group urges computer users to check their machines for infection and remediate the problem before July 9. The group has set up a website where users can find out if their machines are infected, remove the viruses and protect the machines from future infection.

The process sounds simple, but it's unclear how effective the dcwg.org-recommended diagnostics are.

The group's website refers visitors to www.dns-ok.us where a check is run on the machine that is connecting. But the results aren't conclusive.

After running the check, the site pops up this notice: "Please note, however, that if your ISP is redirecting DNS traffic for its customers you would have reached this site even though you are infected. For additional information regarding the DNS changer malware, please visit the FBI's website at: http://www.fbi.gov/news/stories/2011/november/malware_110911"

The FBI site doesn't offer any more information about detecting whether machines are infected, but does refer back to www.dcwg.org.

Greene says that the check for infection requires no software download to the machine being tested. Instead, the machine sends a DNS query to a site set up by the testers, who look at the DNS record on the query to see whether it came from one of the special Internet Systems Consortium servers. If so, that's an indication the computer is infected.

If a victim's ISP has set up its own DNS servers to handle requests from infected machines, the test site will consider that a legitimate DNS source and conclude that the machine is not infected.

The DNSChanger Working Group is compiling a list of ISPs that have set up their own DNS servers to intercept queries from infected machines so their customers can find out from the ISPs whether their machines are infected, Greene says.

He also says that many such ISPs have already mailed letters to their customers whose machines they suspect of being infected. Sending such notifications by email would be easily mistaken for phishing.

The PR push to get the remaining infected computers cleaned up created some unexpected problems for DNSChanger Working Group's website. Traffic jumped from hundreds of hits per day to millions, with 5,000 concurrent connections. The site crashed one day, but it has been beefed up in the meantime, Greene says.

Tim Greene covers Microsoft for Network World and writes the Mostly Microsoft blog. Reach him at tgreene@nww.com and follow him on Twitter @Tim_Greene.

Read more about wide area network in Network World's Wide Area Network section.

For more information about enterprise networking, go to NetworkWorld. Story copyright 2011 Network World Inc. All rights reserved.

This entry passed through the Full-Text RSS service — if this is your content and you're reading it on someone else's site, please read the FAQ at fivefilters.org/content-only/faq.php#publishers. Five Filters recommends: Donate to Wikileaks.

Nuke the box: Push underway to clean up 300000 PCs with DNS virus – Network World

A PR campaign is underway to clean up as many as 300,000 computers infected with DNSChanger viruses that divert victims' traffic to sites that can further exploit the machines and their owners, but it's not clear that goal can be accomplished without drastic measures.

If a machine is infected with DNSChanger, that infection is often accompanied by a rootkit that is very difficult to remove, says Jose Nazario, senior manager of security research at Arbor Networks.

"The safest thing is to nuke the box and reinstall," Nazario says, meaning that the hard drive should be wiped and the operating system and applications reloaded. "Remediation is one of the toughest challenges we face."

BACKGROUND: Authorities prepare to shut down DNSChanger servers

But there are also removal tools that can remove the rootkit without having to reformat, says Barry Greene, the former director of Internet Systems Consortium, a volunteer group that has been working on the problem. "A paranoid security person is going to tell you [reformatting] is what you've got to do," Greene says.

DNSChanger has attracted attention since Nov. 8, 2011, when a major botnet distributing the viruses under the corporate name Rove Digital was taken down by the FBI, NASA Office of the Inspector General and Estonian police. The takedown involved seizing servers in New York, Chicago and Estonia.

It also resulted in the arrest of six men who face charges in the U.S. related to the botnet.

Subsequent to the takedown, special DNS servers managed by Internet Systems Consortium have been put in place to properly handle DNS requests from infected machines. Without these servers, those machines would not be able to connect to sites on the Internet.

The court order allowing these servers to adopt the IP addresses of the ones used by Rove Digital expires July 9, when they will be taken offline. At that point, machines infected with DNSChanger won't be able to reach DNS servers and so won't be able to reach websites.

The public relations push started this week by members of the DNSChanger Working Group urges computer users to check their machines for infection and remediate the problem before July 9. The group has set up a website where users can find out if their machines are infected, remove the viruses and protect the machines from future infection.

The process sounds simple, but it's unclear how effective the dcwg.org-recommended diagnostics are.

The group's website refers visitors to www.dns-ok.us where a check is run on the machine that is connecting. But the results aren't conclusive.

After running the check, the site pops up this notice: "Please note, however, that if your ISP is redirecting DNS traffic for its customers you would have reached this site even though you are infected. For additional information regarding the DNS changer malware, please visit the FBI's website at: http://www.fbi.gov/news/stories/2011/november/malware_110911"

The FBI site doesn't offer any more information about detecting whether machines are infected, but does refer back to www.dcwg.org.


Mac Malware: 1 in 5 Apple Macs Infected, Is Yours? 3 Places to Check – International Business Times

You may not be able to see or hear it, but new research has found that one in five Mac computers carry Windows or Mac Malware.

Sophos experts tested 100,000 Macs and found an alarmingly high number of computers that carry one of the two types of malware.

Most of the Macs were found carrying Windows malware, which doesn't explicitly show symptoms on Macs (apart from ones with Windows installed). But they found that Macs were capable of spreading the Windows malware onto other computers.

Mac OS X malware was also found during the research, but was not as common, with one in 36 Macs carrying the virus.

"Some Mac users may be relieved that they are seven times more likely to have Windows viruses, spyware and Trojans on their Macs than Mac OS X-specific malware, but Mac malware is surprisingly commonly encountered," said Graham Cluley, senior technology consultant at Sophos. "Mac users need a wake-up call about the growing malware problem."

Sophos researchers warn that malware can spread easily through emails, attachments, USB devices and even Website downloads. During their research, Sophos experts found computers that had been carrying malware since 2007, which could have easily been prevented had the user carried out a test. 

"The simple fact is that you can scan your Mac for infection from your armchair. The test is painless and free; you just download an anti-virus product and allow it to check your computer and protect it against infections in the future," says Cluley.

How to Check for Malware

Users who want to check their Macs at home can download the antivirus software at: http://www.sophos.com/freemacav. Cult of Mac also offers malware checking and removal, which can be found here.

Flashback Trojan Horse 

In early April, hundreds of thousands of Mac users were subjected to a Flashback Trojan Horse virus, which continued to spread despite various attempts to eliminate the virus with software updates and removal tools. 

Most cases of the malware have been removed, but for those who want to make sure their Mac isn't infected a free Flashback checker has been released and can be found here. 


Aethlon Medical Note: An Unprecedented Data Point, The Single-Treatment … – MarketWatch (press release)

SAN DIEGO, April 24, 2012 /PRNewswire via COMTEX/ -- Aethlon Medical, Inc. (AEMD) today released the following note authored by its Chairman and CEO, Jim Joyce.

The gold standard for determining drug therapy benefit against infectious disease targets is to measure changes in patient viral load, otherwise known as the amount of virus that is detectable in circulation. Specific to Hepatitis C virus (HCV), the best predictor of whether a treated patient will achieve a long-term viral cure is the period of time it takes to first achieve undetectable viral load. We recently disclosed that the administration of Hemopurifier® therapy during the first three days of peginterferon+ribavirin (PR) drug therapy resulted in observations of immediate (IVR) and rapid virologic responses (RVR) in hard-to-treat genotype-1 patients. IVR is a 2-log or 100-fold reduction of HCV viral load at day-7. Such a response correlates with 90+% viral cure rates, yet is observed in less than 5% of patients who receive PR therapy alone. RVR is defined as undetectable HCV viral load at day-30 of treatment and correlates with viral cure rates of 86.2%, which is observed in only 10.35% of patients who initiate PR therapy.

In this note, I will discuss an unprecedented data point that further validates the potential of Hemopurifier® therapy to improve the benefit of current interferon-based and emerging all-antiviral drug regimens. This same data point also provides further evidence that may help to explain our recent IVR and RVR treatment observations.

As the result of a collaborative discussion with reviewers at the Center for Devices and Radiological Health (the FDA branch responsible for approving medical devices in the US), our researchers initiated an effort to establish a protocol that would quantify the amount of HCV captured within our Hemopurifier® during a single treatment application. This would first entail a post-treatment preparation for each Hemopurifier®, which would then need to be frozen until ready for shipment on dry ice. This process is still being perfected as two of the first three cartridges analyzed were badly cracked. The next step was to establish a repeatable protocol methodology that would allow biological fluid to be eluted from within the Hemopurifier® so that PCR, the standard for measuring viral copies, could be utilized to validate and quantify the capture of HCV during treatment. The results were compelling.

In the two cracked cartridges referenced above, our researchers recovered and measured the capture of 145 million and 353 million copies of HCV. However, when the fully intact Hemopurifier® was analyzed, our researchers recovered and measured that 300 billion (300,000,000,000) copies of HCV had been captured during a single six-hour treatment. For those viruses captured, the possibility of continued progeny virus replication was eliminated. I applaud our research team for establishing this unprecedented data point, which defines the contribution our Hemopurifier® can provide to current and future HCV treatment regimens. Additionally, this data point serves as a model for capture capacity of other disease enhancing particles, whether they be associated with cancer, sepsis or other viral conditions.

About Aethlon Medical

The Aethlon Medical mission is to create innovative medical devices that address unmet medical needs in cancer, infectious disease, and other life-threatening conditions. Our Aethlon ADAPT(TM) System is a revenue-stage technology platform that provides the basis for a new class of therapeutics that target the selective removal of disease enabling particles from the entire circulatory system. The Aethlon ADAPT(TM) product pipeline includes the Aethlon Hemopurifier® to address infectious disease and cancer; HER2osome(TM) to target HER2+ breast cancer, and a medical device being developed under a contract with the Defense Advanced Research Projects Agency (DARPA) that would reduce the incidence of sepsis in combat-injured soldiers and civilians. For more information, please visit www.aethlonmedical.com .

Certain of the statements herein may be forward-looking and involve risks and uncertainties. Such forward-looking statements involve assumptions, known and unknown risks, uncertainties and other factors which may cause the actual results, performance or achievements of Aethlon Medical, Inc. to be materially different from any future results, performance, or achievements expressed or implied by the forward-looking statements. Such potential risks and uncertainties include, without limitation, the ability for the Company to derive business partnerships or future revenue streams using the Aethlon ADAPT(TM) system including the ability to capture hepatitis c virus, there is no assurance that FDA will approve the initiation of the company's clinical programs or provide market clearance of the company's products, the ability to achieve the goals set out in the DARPA contract, future human studies of the Aethlon Hemopurifier® as an adjunct therapy to improve patient responsiveness to established cancer therapies, the company's ability to raise capital when needed, the Company's ability to complete the development of its planned products, the Company's ability to manufacture its products either internally or through outside companies and provide its services, the impact of government regulations, patent protection on the Company's proprietary technology, product liability exposure, uncertainty of market acceptance, competition, technological change, and other risk factors. In such instances, actual results could differ materially as a result of a variety of factors, including the risks associated with the effect of changing economic conditions and other risk factors detailed in the Company's Securities and Exchange Commission filings.

Contacts:

James A. Joyce, Chairman and CEO, 858.459.7800 x301, jj@aethlonmedical.com

Jim Frakes, Chief Financial Officer, 858.459.7800 x300, jfrakes@aethlonmedical.com

John P. Salvador, Director, Communications, 858.459.7800 x307, jps@aethlonmedical.com

SOURCE Aethlon Medical, Inc.

Copyright (C) 2012 PR Newswire. All rights reserved
